New York Post’s X Account Compromised in Sophisticated Crypto Scam Campaign

The New York Post’s official X account appears to have fallen into the hands of malicious actors, who are now using it to discreetly target members of the crypto community. Unlike the usual scams that rely on flashy links or public wallet drainers, this operation is marked by subtlety and precision—leaning heavily on private messages and impersonation tactics to bait unsuspecting users.

The scam was first flagged on May 3 by Alex Katz, founder and CEO of Kerberus, who shared a screenshot of a direct message allegedly from journalist Paul Sperry. The message, sent from the Post’s verified X account, invited users to appear on a podcast and asked them to connect further via Telegram.

But there’s a twist: once the message is delivered, the user is immediately blocked—effectively preventing them from replying or reporting the breach to the real New York Post team. According to cybersecurity engineer and NFT collector known as “Drew,” this tactic is becoming increasingly common among crypto scammers who have begun adopting more insidious forms of social engineering.

Zoom Vulnerability Raises Alarms

NFT enthusiast Donny Clutterbuck from Bitcoin ordinals platform Fomojis added another layer of concern, suggesting the scam may involve a previously unknown Zoom exploit. He recounted receiving a similar invite, after which he noticed a suspicious pop-up offering to “enable WiFi” while joining the call—a request that could give the attacker unauthorized network access.

Clutterbuck’s account echoes the chilling experience of Emblem Vault CEO Jake Gallen, who lost $100,000 worth of crypto after participating in what he believed was a legitimate interview over Zoom. 

That incident also began with an unsolicited X message, followed by a video call during which malware was discreetly installed to drain his crypto wallets.

A Familiar X Account Hack Pattern

This isn’t the first time the New York Post’s X account has been compromised. In 2022, an insider exploited access to publish offensive posts disguised as headlines. But the latest breach stands out for its restraint—there were no overt messages or promotional links posted publicly. 

Instead, the attackers seem focused on gaining the trust of high-value crypto users before executing their attack in private.

Blockchain investigator ZachXBT noted that this case bears similarities to a recent breach involving The Defiant’s X account, reinforcing a troubling trend: crypto scams are evolving beyond flashy phishing links and into coordinated, human-centric manipulation.